Hi Eric,
I tried the hint - SSLProxyEngine On. The https connection works with
websites/applications that don't require a certificate.
For websites/applications that require a certificate, it fails. Please verify
if the below config makes sense?
I included the following SSL directives in the virtualhost port.
<VirtualHost my_ipaddr:44444>
---
SSLProxyEngine On
SSLEngine On SSLCertificateFile /etc/httpd/ssl/servercerts/server.CRT
SSLCertificateKeyFile /etc/httpd/ssl/servercerts/server.KEY
SSLProxyMachineCertificateFile /etc/httpd/ssl/clientcerts/client-cert.p12
--
</VirtualHost>
------------------------------
[Mon Aug 24 10:31:11 2009] [debug] ssl_engine_kernel.c(1765): OpenSSL: Read:
SSLv3 read finished A
[Mon Aug 24 10:31:11 2009] [debug] ssl_engine_kernel.c(1784): OpenSSL: Exit:
failed in SSLv3 read finished A
[Mon Aug 24 10:31:11 2009] [info] [client ip_addr1] SSL library error 1 reading
data
[Mon Aug 24 10:31:11 2009] [info] SSL Library Error: 336151568
error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
[Mon Aug 24 10:31:11 2009] [info] SSL Library Error: 336150757
error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
[Mon Aug 24 10:31:11 2009] [error] [client ip_addr2] (20014)Internal error:
proxy: error reading status line from remote server webapplication_server
[Mon Aug 24 10:31:11 2009] [debug] mod_proxy_http.c(1466): [client
199.130.193.102] proxy: NOT Closing connection to client although reading from
backend server webapplication_server failed.
-----------------------------
--- On Sun, 8/23/09, Eric Covener <[email protected]> wrote:
> From: Eric Covener <[email protected]>
> Subject: Re: [us...@httpd] (internal app)
> --http-->apache---https--->(external app)
> To: [email protected]
> Date: Sunday, August 23, 2009, 9:17 PM
> > [Sun Aug 23 12:24:39 2009]
> [error] [client 73.155.40.73] SSL Proxy requested for
> my_proxyserver:80 but not enabled [Hint: SSLProxyEngine]
>
> Tried the hint?
>
> --
> Eric Covener
> [email protected]
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more
> info.
> To unsubscribe, e-mail: [email protected]
> " from the digest: [email protected]
> For additional commands, e-mail: [email protected]
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [email protected]
" from the digest: [email protected]
For additional commands, e-mail: [email protected]
